NT based roles using forms authentication

S

Sharat Koya

Please can you help with a problem I am having.

My web config is set to...
<authorization><deny users="?"/>
<authentication mode="Forms">
<forms name=".COOKIE" loginUrl="login.aspx" protection="All"
timeout="5" path="/"/>
</authentication>
<identity impersonate="true"/>

login.aspx uses advapi32.dll to create the token and authenticate the
user
using the code..
if(LogonUser(TextBoxUsername.Text,
"HILLSRD",
TextBoxPassword.Text,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref token) != 0)
{

FormsAuthentication.RedirectFromLoginPage(TextBoxUsername.Text,
CBoxRememberMe.Checked);

}

but when I want to enable NT group security but when I go to access
User.IsInRole it always returns false? I digged a little deeper by
live debugging and found that m_roles array is always empty. What am I
doing wrong - why aren't the roles avaialble that are on the domain?


many thanks for any help on this.

Sharat Koya
 
S

Scott Allen

Hi Sharat:

I'm not sure what the requirements are for your application, but I'm
thinking you could save yourself a good deal of code if you let
Windows manage the authentication and impersonation with a web.config
along the lines of:

<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>

This will avoid you having to use LogonUser in your code. If you do go
this way - you need to use the token given out by LogonUser to do the
impersonation, and pass the token to CloseHandle for proper cleanup
afterwards.
 
B

bruce barker

<identity impersonate="true"/> means to impersonate the iis authenticated
user, in your case because you are using forms authentication, the iis user
is the anonymous login.

because you are using forms authentication, its your job to fill in the
roles. you will need to do this on every request.

-- bruce (sqlwork.com)
 
S

Scott Allen

You could create locked down local accounts on the web server and
still use Windows authentication. If the server doesn't recognize
thier current credentials the browser will prompt for then to enter a
username, password and domain (machine name) to log in with.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms Authentication / Role based security 1
Forms Authentication 4
Forms Authentication for single directory 1
Can't use forms authentication when using IIS 5
Forms authentication page not called 7
Forms Auth (roles being ignored) 0
Forms Authentication not Redirecting 1
CreateUserWizard and Forms Authentication w/Roles 4

Members online

Total: 46 (members: 1, guests: 45)
Robots: 463

Forum statistics

Threads
473,969
Messages
2,570,161
Members
46,709
Latest member
AustinMudi

Latest Threads

Top